Log streaming: Amazon S3

  Last updated 2023-09-13

Fastly's Real-Time Log Streaming feature can send log files to Amazon Simple Storage Service (Amazon S3). Amazon S3 is a static file storage service used by developers and IT teams. You can also use the instructions in this guide to configure log streaming to another S3-compatible service.

NOTE

Fastly does not provide direct support for third-party services. Read Fastly's Terms of Service for more information.

Prerequisites

Before adding Amazon S3 as a logging endpoint for Fastly services, we recommend creating Identity and Access Management (IAM) credentials in your AWS account specifically for Fastly. Our recommended way for doing this is by creating an AWS IAM role, which lets you grant temporary credentials. For more information, see Creating an AWS IAM Role for Fastly Logging. Alternatively, create an IAM user and grant the user s3:PutObject permissions for the logging stream. For more information, see Amazon's guidance on understanding and getting your AWS credentials.

Adding Amazon S3 as a logging endpoint

After you've registered for an Amazon S3 account and created an IAM user in Amazon S3, follow these instructions to add Amazon S3 as a logging endpoint:

  1. Deliver services
  2. Compute services
  1. Review the information in our guide to setting up remote log streaming.

  2. In the Amazon Web Services S3 area, click Create endpoint.

  3. Fill out the Create an Amazon S3 endpoint fields as follows:

    • In the Name field, enter a human-readable name for the endpoint.
    • In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. Read our guide on changing log placement for more information.
    • In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. Consult the example format section for details.
    • (Optional) In the Timestamp format field, enter a timestamp format for log files. The default is an strftime compatible string. Our guide on changing where log files are written provides more information.
    • In the Bucket name field, enter the name of the Amazon S3 bucket in which to store the logs.
    • In the Access method field, select either User Credentials or IAM Role.
    • If you select User Credentials, enter the access key and secret key associated with the IAM user you created in your AWS account specifically for Fastly. Check out Amazon's documentation on security credentials for more information.
    NOTE

    Password management software may mistakenly treat the Secret Key field as a password field because of the way your web browser works. As such, that software may try to auto-fill this field with your Fastly account password. If this happens to you, the AWS integration with Fastly services won't work and you will need to enter Secret Key manually instead.

    • If you select IAM Role, enter the Amazon Resource Name (ARN) for the IAM role granting Fastly access to S3. For more information, see Creating an AWS IAM Role for Fastly Logging.
    • (Optional) In the Period field, enter an interval (in seconds) to control how frequently your log files are rotated. Rotation entails the finalization of one file object and the start of a new one, never removing any previously created file object. This value defaults to 3600 seconds. Use the Period setting in conjunction with a known average log rate to approximate S3 log file objects of a preferred, uncompressed size. Size may fluctuate depending on actual log volume.

  4. Click Advanced options and fill out the fields as follows:

    • (Optional) In the Path field, enter the path within the bucket to store the files. The path ends with a trailing slash. If this field is left empty, the files will be saved in the bucket's root path. Our guide on changing where log files are written provides more information.
    • (Optional) In the Domain field, enter the domain of the Amazon S3 endpoint. If your Amazon S3 bucket was not created in the US Standard region, you must set the domain to match the appropriate endpoint URL. Use the table in the S3 section of the Regions and Endpoints Amazon S3 documentation page. To use an S3-compatible storage system (such as DreamHost's DreamObjects), set the domain to match the domain name for that service (for example, in the case of DreamObjects, the domain name would be objects.dreamhost.com).
    • (Optional) In the PGP public key field, enter a PGP public key that Fastly will use to encrypt your log files before writing them to disk. You will only be able to read the contents by decrypting them with your private key. The PGP key should be in PEM (Privacy-Enhanced Mail) format. Read our guide on log encryption for more information.
    • In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
    • (Optional) In the Compression field, select the compression format you want applied to the log files. Our guide on changing log compression options provides more information.
    • From the Redundancy level menu, select a setting. This value defaults to Standard. Amazon's Using Reduced Redundancy Storage Guide provides more information on using reduced redundancy storage.
    • (Optional) From the ACL menu, select an access control header. See Amazon's Access Control List (ACL) Specific Request Headers for more information.
    • (Optional) Server side encryption area, select an encryption method to protect files that Fastly writes to your Amazon S3 bucket. Valid values are None, AES-256, and AWS Key Management Service. If you select AWS Key Management Service, you'll have to provide an AWS KMS Key ID. See Amazon's guide on protecting data using server-side encryption for more information.
    • (Optional) In the Maximum bytes field, enter the maximum file size in bytes. This value caps the file size and overrides any configured period if the size threshold is exceeded prior to the end of the period. If set to 0, no maximum is set and the file size will not be capped.
      NOTE

      The minimum file size is 1048576 bytes (1 MiB).

  5. Click Create to create the new logging endpoint.
  6. Click Activate to deploy your configuration changes.
NOTE

Although Fastly continuously streams logs into Amazon S3, the Amazon S3 website and API do not make files available for access until after their upload is complete.

Example format

The following is an example format string for sending data to Amazon S3. Our discussion of format strings provides more information.

1{
2  "timestamp": "%{strftime(\{"%Y-%m-%dT%H:%M:%S%z"\}, time.start)}V",
3  "client_ip": "%{req.http.Fastly-Client-IP}V",
4  "geo_country": "%{client.geo.country_name}V",
5  "geo_city": "%{client.geo.city}V",
6  "host": "%{if(req.http.Fastly-Orig-Host, req.http.Fastly-Orig-Host, req.http.Host)}V",
7  "url": "%{json.escape(req.url)}V",
8  "request_method": "%{json.escape(req.method)}V",
9  "request_protocol": "%{json.escape(req.proto)}V",
10  "request_referer": "%{json.escape(req.http.referer)}V",
11  "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
12  "response_state": "%{json.escape(fastly_info.state)}V",
13  "response_status": %{resp.status}V,
14  "response_reason": %{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,
15  "response_body_size": %{resp.body_bytes_written}V,
16  "fastly_server": "%{json.escape(server.identity)}V",
17  "fastly_is_edge": %{if(fastly.ff.visits_this_service == 0, "true", "false")}V
18}
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2023